Cisco warns of auth bypass bug with public exploit in EoL routers (January 2023)

Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life VPN routers.
The security flaw was found in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers by Hou Liuyang of Qihoo 360 Netlab.
Unauthenticated attackers can exploit it remotely by sending a specially crafted HTTP request to vulnerable routers' web-based management interface to bypass authentication.
While the RV016 and RV082 WAN VPN routers were last up for sale in January and May 2016, the RV042 and RV042G VPN routers were last available for order on January 30, 2020, and will remain under support until January 31, 2025.
In September, the company said it wouldn't fix a critical auth bypass flaw affecting RV110W, RV130, RV130W, and RV215W EoL routers, encouraging customers to migrate to RV132W, RV160, or RV160W routers under support.
In June, Cisco again advised owners to switch to newer router models after disclosing a critical remote code execution vulnerability that was also left unpatched.